
Windows Live Messenger Virus - So Annoying - Please Help

Discussion in 'Virus & Other Malware Removal' started by LatinoPride, Apr 17, 2008.

  1. LatinoPride

    LatinoPride Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    28
    Hey all
    I have this annoying virus thing on Windows Live Messenger. It sends to all my contacts that are online a message asking "if this is them on facebook"? I know that it is a virus because if anyone clicks on it they get the same virus. SO ANNOYING
    Please help me :(
    I keep searching the net to fix the problem but it just doesn't fix it.
    My system is Windows XP if that helps. Thank you so much for the help
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,377
    First Name:
    Karen
    Hi and welcome to TSG,

    Click here to download HJTsetup.exe.
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  3. LatinoPride

    Hi, thank you for helping me, but I cannot seem to see the download link for HJTsetup.exe.
    Thank you again.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,377
    First Name:
    Karen
  5. LatinoPride

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:38:06, on 20/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ietmt.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ninemsn.com.au
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by ninemsn Optimised IE7
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lwinupdate.exe,C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - (no file)
    O2 - BHO: (no name) - {66E72884-4FD2-464F-A6B8-468F31C40E36} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [qupr] C:\WINDOWS\system32\qupr.exe
    O4 - HKLM\..\Run: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ietmt] C:\WINDOWS\system32\ietmt.exe
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ztk] C:\WINDOWS\system32\ztk.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\RunServices: [qupr] C:\WINDOWS\system32\qupr.exe
    O4 - HKLM\..\RunServices: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
    O4 - HKLM\..\RunServices: [ietmt] C:\WINDOWS\system32\ietmt.exe
    O4 - HKLM\..\RunServices: [ztk] C:\WINDOWS\system32\ztk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: awtqrsp - awtqrsp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DigiCtrl (eseonijpbeuoa) - Unknown owner - C:\WINDOWS\system32\ztk.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 13490 bytes
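The log above is what the malware specialist reads next. As an added example (not a Tech Support Guy tool and not part of HijackThis), the following Python script encodes the first-pass checks a log reader applies to these sections: a second executable in the UserInit value (F2), orphaned BHO or Winlogon entries (O2/O9/O20), autoruns placed directly in system32 or under the Win9x-only RunServices key (O4), and services with no publisher (O23). The sample lines are copied from the posted log; the system32 allowlist is an assumption.

```python
"""Triage helper for HijackThis v2 log lines (added example, not a TSG tool).

It flags entries for review; it does not decide what to remove.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    text: str     # the log line that triggered the finding
    reason: str


# Constructed sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lwinupdate.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
O4 - HKLM\..\RunServices: [ztk] C:\WINDOWS\system32\ztk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtqrsp - awtqrsp.dll (file missing)
O23 - Service: DigiCtrl (eseonijpbeuoa) - Unknown owner - C:\WINDOWS\system32\ztk.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# First absolute Windows path to an executable or library inside a command line.
WIN_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|sys))"?', re.IGNORECASE)
# O4 registry autorun line: "O4 - HKLM\..\Run: [name] command"
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Assumed allowlist: XP's own autoruns that legitimately live directly in system32.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


def first_path(cmd: str) -> str:
    m = WIN_PATH.search(cmd)
    return m.group(1) if m else ""


def basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def in_system32(path: str) -> bool:
    """True when the file sits directly in system32 (not in a subfolder such as drivers)."""
    p = path.lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue  # headers, the process list and blank lines carry no section tag
        tag = line.split(" - ", 1)[0]
        if tag == "F2" and "UserInit=" in line:
            # UserInit normally names userinit.exe alone; any extra entry runs at every logon.
            for entry in line.split("UserInit=", 1)[1].split(","):
                entry = entry.strip()
                if entry and basename(entry) != "userinit.exe":
                    findings.append(Finding(tag, line, f"extra UserInit executable: {entry}"))
        elif tag == "O4":
            m = O4_LINE.match(line)
            if not m:
                continue  # Global Startup (.lnk) lines are not registry autoruns; skipped here
            path = first_path(m.group("cmd"))
            if m.group("key") == "RunServices":
                findings.append(Finding(tag, line, "RunServices is a Win9x key that Windows XP does not process; a normal install does not write it"))
            elif in_system32(path) and basename(path) not in KNOWN_SYSTEM32_AUTORUNS:
                findings.append(Finding(tag, line, "autorun executable dropped directly into system32"))
        elif tag in ("O2", "O9", "O20") and ("(no file)" in line or "(file missing)" in line):
            findings.append(Finding(tag, line, "orphaned entry: registered component is missing from disk"))
        elif tag == "O23" and " - Unknown owner - " in line:
            findings.append(Finding(tag, line, "service with no publisher information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.text}")
```

Run against the sample it reports six entries for review and leaves the CA, Spybot, NVIDIA and ctfmon lines alone; a full log from the thread can be pasted in place of SAMPLE_LOG.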
     
  6. Cookiegal

    Please visit the Combofix Guide & Instructions page for instructions on downloading and running ComboFix:

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
     
  7. LatinoPride

    Hi, thanks again for helping me, I appreciate it very much.
    I had trouble installing the Windows Recovery Console. I did the scans anyway, so here they are:

    ComboFix 08-04-20.2 - Joshua 2008-04-21 8:29:13.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1483 [GMT 10:00]
    Running from: C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
    C:\Documents and Settings\Margarita\Application Data\SpamBlockerUtility_Icons
    C:\Documents and Settings\Margarita\Application Data\SpamBlockerUtility_Icons\Jamster2.ico
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\drivers\4_stars.gif
    C:\WINDOWS\system32\drivers\5_stars.gif
    C:\WINDOWS\system32\drivers\arrow.gif
    C:\WINDOWS\system32\drivers\buy_btn.gif
    C:\WINDOWS\system32\drivers\download_btn.gif
    C:\WINDOWS\system32\drivers\features.gif
    C:\WINDOWS\system32\drivers\logo_bg.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
    C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
    C:\WINDOWS\system32\drivers\protect.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
    C:\WINDOWS\system32\drivers\spy_away_header.gif
    C:\WINDOWS\system32\drivers\spy_away_header_small.gif
    C:\WINDOWS\system32\drivers\users_rating.gif
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\mkghj.dll
    C:\WINDOWS\system32\systeminfo3.dll
    C:\WINDOWS\system32\tmrsr.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
    .

    2008-04-21 08:05 . 2008-04-21 08:05 <DIR> d-------- C:\WINDOWS\LastGood
    2008-04-21 08:04 . 2008-04-21 08:04 163,840 --a------ C:\WINDOWS\system32\ksykmwhukwwn.exe
    2008-04-20 09:37 . 2008-04-20 09:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-19 11:36 . 2008-04-19 11:36 <DIR> d-------- C:\Program Files\PIXELA
    2008-04-19 11:31 . 2008-04-19 11:31 <DIR> d-------- C:\Program Files\REGSHAVE
    2008-04-19 11:31 . 2001-11-25 21:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-04-19 11:31 . 2002-02-06 02:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-04-19 11:31 . 2002-02-27 21:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-04-19 11:31 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-04-19 11:31 . 2002-02-13 20:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-04-15 18:01 . 2008-04-17 10:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-15 17:30 . 2008-04-15 17:30 163,840 --a------ C:\WINDOWS\system32\ztk.exe
    2008-04-14 19:45 . 2008-04-14 19:45 <DIR> d-------- C:\Documents and Settings\Joshua\Incomplete
    2008-04-14 19:45 . 2008-04-14 20:33 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\FrostWire
    2008-04-14 19:44 . 2008-04-14 19:51 <DIR> d-------- C:\Program Files\FrostWire
    2008-04-14 08:52 . 2008-04-14 08:52 159,744 --a------ C:\WINDOWS\system32\ietmt.exe
    2008-04-09 22:55 . 2008-04-09 22:55 0 --a------ C:\output1.avi
    2008-04-09 22:36 . 2008-04-09 22:36 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
    2008-04-09 22:33 . 2008-04-10 15:58 <DIR> d-------- C:\Program Files\MKVTOAVI
    2008-04-09 12:38 . 2008-04-09 12:38 <DIR> d-------- C:\Program Files\Network Associates
    2008-04-05 16:30 . 2008-04-13 20:20 11,114 --a------ C:\Documents and Settings\All Users\Application Data\MainApp.dll
    2008-04-05 16:29 . 2008-04-05 16:29 <DIR> d-------- C:\Program Files\CloneDVD
    2008-04-05 16:29 . 2008-04-05 16:29 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Vso
    2008-04-05 16:29 . 2008-04-05 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
    2008-04-05 16:29 . 2008-04-05 16:29 81,920 --a------ C:\Documents and Settings\Joshua\Application Data\ezpinst.exe
    2008-04-05 16:29 . 2008-04-05 16:29 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-04-05 16:29 . 2008-04-05 16:29 47,360 --a------ C:\Documents and Settings\Joshua\Application Data\pcouffin.sys
    2008-04-05 16:26 . 2008-04-05 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-04-05 16:26 . 2008-04-11 16:35 40 ---hs---- C:\Documents and Settings\All Users\Application Data\.zreglib
    2008-04-05 16:26 . 2008-04-05 16:26 24 ---hs---- C:\WINDOWS\SEE82798D.tmp
    2008-03-28 21:28 . 2008-04-02 10:42 238 --a------ C:\WINDOWS\mafosav.INI
    2008-03-28 21:25 . 2008-03-28 21:25 <DIR> d-------- C:\Buziol Games
    2008-03-28 11:58 . 2008-04-02 10:18 <DIR> d-------- C:\Program Files\Windows Live
    2008-03-28 10:41 . 2008-03-28 10:41 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-03-21 18:52 . 2008-03-21 18:53 <DIR> d-------- C:\Program Files\Safari
    2008-03-21 18:47 . 2008-03-21 18:48 <DIR> d-------- C:\Program Files\iTunes
    2008-03-21 18:47 . 2008-03-21 18:47 <DIR> d-------- C:\Program Files\iPod

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
    2008-04-20 11:27 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
    2008-04-20 11:27 139,256 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
    2008-04-19 01:56 --------- d-----w C:\Program Files\FinePixViewer
    2008-04-19 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-19 01:34 --------- d-----w C:\Documents and Settings\Joshua\Application Data\FUJIFILM
    2008-04-18 00:34 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Azureus
    2008-04-17 07:11 --------- d-----w C:\Program Files\Azureus
    2008-04-16 13:54 --------- d-----w C:\Documents and Settings\Margarita\Application Data\Skype
    2008-04-16 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-15 08:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-15 07:28 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-04-15 05:46 91,400 ----a-w C:\WINDOWS\system32\isafprod.dll
    2008-04-15 05:46 32,264 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
    2008-04-15 05:46 26,376 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
    2008-04-15 05:46 21,512 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
    2008-04-15 05:46 21,128 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
    2008-04-14 10:31 --------- d-----w C:\Documents and Settings\Joshua\Application Data\DVD Flick
    2008-04-14 10:12 --------- d-----w C:\Program Files\Avanquest update
    2008-04-11 12:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
    2008-04-09 12:37 --------- d-----w C:\Documents and Settings\Joshua\Application Data\NewzToolz
    2008-04-05 05:50 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Creative
    2008-04-02 22:37 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-02 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-21 10:21 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Apple Computer
    2008-03-19 13:07 97,600 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
    2008-03-06 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-04 05:07 74,064 ----a-w C:\Documents and Settings\Joshua\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-01 11:33 --------- d-----w C:\Program Files\uTorrent
    2008-03-01 10:28 --------- d-----w C:\Documents and Settings\Margarita\Application Data\MSNInstaller
    2008-03-01 05:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-01 01:47 --------- d-----w C:\Program Files\The Queen Of Fighters
    2008-03-01 01:44 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-03-01 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
    2008-03-01 01:29 --------- d-----w C:\Program Files\Roxio
    2008-03-01 01:15 --------- d-----w C:\Program Files\Google
    2008-03-01 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
    2008-03-01 01:02 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Orbit
    2008-02-29 09:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Orbit
    2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Margarita\Application Data\Orbit
    2008-02-28 02:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Rdr Axis Meet
    2008-02-23 04:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
    2008-02-22 11:22 --------- d-----w C:\Program Files\QuickTime
    2008-02-01 04:34 99,592 ----a-w C:\WINDOWS\system32\isafeif.dll
    2008-02-01 04:34 83,256 ----a-w C:\WINDOWS\system32\vetredir.dll
    2008-01-28 09:53 114,688 ----a-w C:\WINDOWS\system32\xchdhhfzunq.exe
    2008-01-28 09:53 114,688 ----a-r C:\WINDOWS\system32\qupr.exe
    2008-01-28 09:53 114,688 ----a-r C:\WINDOWS\system32\ddbqavramg.exe
    2007-12-21 01:56 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
    2007-12-21 01:56 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
    2007-01-28 14:30 92,064 ----a-w C:\Documents and Settings\Joshua\mqdmmdm.sys
    2007-01-28 14:30 9,232 ----a-w C:\Documents and Settings\Joshua\mqdmmdfl.sys
    2007-01-28 14:30 79,328 ----a-w C:\Documents and Settings\Joshua\mqdmserd.sys
    2007-01-28 14:30 66,656 ----a-w C:\Documents and Settings\Joshua\mqdmbus.sys
    2007-01-28 14:30 6,208 ----a-w C:\Documents and Settings\Joshua\mqdmcmnt.sys
    2007-01-28 14:30 5,936 ----a-w C:\Documents and Settings\Joshua\mqdmwhnt.sys
    2007-01-28 14:30 4,048 ----a-w C:\Documents and Settings\Joshua\mqdmcr.sys
    2007-01-28 14:30 25,600 ----a-w C:\Documents and Settings\Joshua\usbsermptxp.sys
    2007-01-28 14:30 22,768 ----a-w C:\Documents and Settings\Joshua\usbsermpt.sys
    2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
    2007-12-20 05:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-20 14:28 67128]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 19:33 68856]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 10:03 868352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 09:15 4554752]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-04-15 15:46 181512]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-04-15 15:46 234760]
    "cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-04-15 15:46 771336]
    "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-04-15 15:46 173320]
    "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-04-15 15:46 259336]
    "qupr"="C:\WINDOWS\system32\qupr.exe" [2008-01-28 19:53 114688]
    "xchdhhfzunq"="C:\WINDOWS\system32\xchdhhfzunq.exe" [2008-01-28 19:53 114688]
    "CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 11:51 380928]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 22:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
    "ietmt"="C:\WINDOWS\system32\ietmt.exe" [2008-04-14 08:52 159744]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 22:00 158208]
    "ztk"="C:\WINDOWS\system32\ztk.exe" [2008-04-15 17:30 163840]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "qupr"="C:\WINDOWS\system32\qupr.exe" [2008-01-28 19:53 114688]
    "xchdhhfzunq"="C:\WINDOWS\system32\xchdhhfzunq.exe" [2008-01-28 19:53 114688]
    "ietmt"="C:\WINDOWS\system32\ietmt.exe" [2008-04-14 08:52 159744]
    "ztk"="C:\WINDOWS\system32\ztk.exe" [2008-04-15 17:30 163840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-04-20 22:44:58 113664]
    ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-04-19 11:33:16 303104]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-20 14:28:05 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrsp]
    awtqrsp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 2007-05-18 12:30 79368 C:\WINDOWS\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= ac3acm.acm
    "vidc.dvsd"= mcdvd_32.dll
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.lameacm"= lameACM.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Joshua^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
    path=C:\Documents and Settings\Joshua\Start Menu\Programs\Startup\VirtuaGirl2.lnk
    backup=C:\WINDOWS\pss\VirtuaGirl2.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 09:24]
    R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 12:30]
    R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 12:30]
    R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 13:21]
    R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 09:24]
    R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 11:09]
    R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 09:24]
    R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 09:24]
    R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 12:30]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 03:17]
    R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 14:15]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
    R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-04-15 15:46]
    S2 eseonijpbeuoa;DigiCtrl;C:\WINDOWS\system32\ksykmwhukwwn.exe [2008-04-21 08:04]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3d1316-5535-11dc-80a1-001346938c80}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31d8568-757f-11dc-810d-001346938c80}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-20 11:00:00 C:\WINDOWS\Tasks\B20D87CF918A34F3.job"
    - c:\docume~1\owner\applic~1\rdraxi~1\mess type surf.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-21 08:32:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 14

    **************************************************************************
    .
    Completion time: 2008-04-21 8:33:27
    ComboFix-quarantined-files.txt 2008-04-20 22:33:00

    Pre-Run: 5,015,060,480 bytes free
    Post-Run: 6,132,137,984 bytes free

    267 --- E O F --- 2008-04-20 11:27:21
     
  8. LatinoPride

    LatinoPride Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    28
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:35:26, on 21/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ietmt.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - (no file)
    O2 - BHO: (no name) - {66E72884-4FD2-464F-A6B8-468F31C40E36} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [qupr] C:\WINDOWS\system32\qupr.exe
    O4 - HKLM\..\Run: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ietmt] C:\WINDOWS\system32\ietmt.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ztk] C:\WINDOWS\system32\ztk.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\RunServices: [qupr] C:\WINDOWS\system32\qupr.exe
    O4 - HKLM\..\RunServices: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
    O4 - HKLM\..\RunServices: [ietmt] C:\WINDOWS\system32\ietmt.exe
    O4 - HKLM\..\RunServices: [ztk] C:\WINDOWS\system32\ztk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: awtqrsp - awtqrsp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DigiCtrl (eseonijpbeuoa) - Unknown owner - C:\WINDOWS\system32\ksykmwhukwwn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 13016 bytes
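The two logs above contain every tell the helper is about to act on: four random-named executables registered in both the Run and the RunServices keys, a service with no publisher running yet another random name from system32, an orphaned Winlogon Notify DLL, a scheduled task whose target sits inside a user profile, and the firewall and Security Center flags. The Python script below is an added example (not part of the thread, and not a HijackThis or ComboFix feature) that encodes those tells as checks over the raw log lines. KNOWN_SYSTEM32 and looks_random() are assumed toy baselines tuned to the names in this thread, and the sample lines are copied from the logs posted above.

```python
"""Autostart triage for HijackThis / ComboFix log lines.

Added example for this thread, not a feature of either tool and not the
helper's own script. KNOWN_SYSTEM32 and looks_random() are assumptions:
a toy baseline and a toy gibberish test, tuned to the names in this thread.
"""
import re
from dataclasses import dataclass

# Assumption: binaries that legitimately autostart straight from
# %SystemRoot%\system32 on XP. Extend this for a real estate.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe", "wscntfy.exe"}

RE_O4 = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
RE_O20 = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)'
                    r'(?P<missing> \(file missing\))?$')
RE_O23 = re.compile(r'^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - '
                    r'(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
RE_SYS32 = re.compile(r'[A-Z]:\\WINDOWS\\system32\\(?P<file>[^\\\s"]+\.exe)', re.I)
RE_SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')            # ComboFix REGEDIT4 key header
RE_JOB_TARGET = re.compile(r'^- (?P<target>[a-z]:\\docume~1\\.+\.exe)$', re.I)  # task body


def looks_random(filename: str) -> bool:
    """Toy gibberish test: a 3..14 letter lower-case stem with no digits that is
    not on the baseline. Catches qupr, xchdhhfzunq, ietmt, ztk, ksykmwhukwwn."""
    stem = filename.lower().rsplit(".", 1)[0]
    baseline = {s.rsplit(".", 1)[0] for s in KNOWN_SYSTEM32}
    return re.fullmatch(r"[a-z]{3,14}", stem) is not None and stem not in baseline


@dataclass
class Finding:
    severity: str   # "high" | "suspicious" | "info"
    source: str     # the log line that triggered it
    reason: str


def triage(lines):
    """Return Findings for the tells in a mixed HijackThis / ComboFix log."""
    findings, section = [], ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := RE_SECTION.match(line)):
            section = m["key"].lower()
            continue
        if (m := RE_O4.match(line)):
            exe = RE_SYS32.search(m["cmd"])
            if m["key"].lower() == "runservices":
                findings.append(Finding("high", line,
                    "RunServices is a Win9x key that NT-based Windows never processes; "
                    "legitimate XP software has no reason to write here"))
            elif exe and exe["file"].lower() not in KNOWN_SYSTEM32:
                sev = "high" if looks_random(exe["file"]) else "suspicious"
                findings.append(Finding(sev, line,
                    f"autostart runs {exe['file']} straight from system32, off-baseline"))
            continue
        if (m := RE_O20.match(line)):
            if m["missing"]:
                findings.append(Finding("suspicious", line,
                    f"orphaned Winlogon Notify entry {m['name']}: DLL gone, key still present"))
            continue
        if (m := RE_O23.match(line)):
            exe = RE_SYS32.search(m["path"])
            if m["owner"] == "Unknown owner" and exe and looks_random(exe["file"]):
                findings.append(Finding("high", line,
                    f"service {m['name'] or m['display']} has no publisher and runs a "
                    "random-looking binary from system32"))
            continue
        if (m := RE_JOB_TARGET.match(line)):
            findings.append(Finding("suspicious", line,
                "scheduled task runs an executable from inside a user profile"))
            continue
        # ComboFix policy values are only informational: an installed third-party
        # suite (CA here) legitimately turns both of these off. Confirm before acting.
        if section.endswith("firewallpolicy\\standardprofile") and line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("info", line,
                "Windows Firewall is off; expected only if another firewall is running"))
        elif "security center\\monitoring" in section and '"DisableMonitoring"=dword:00000001' in line:
            product = section.rsplit("\\", 1)[-1]
            findings.append(Finding("info", line, f"Security Center monitoring disabled for '{product}'"))
    return findings


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [qupr] C:\WINDOWS\system32\qupr.exe
O4 - HKLM\..\Run: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
O4 - HKLM\..\RunServices: [ztk] C:\WINDOWS\system32\ztk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtqrsp - awtqrsp.dll (file missing)
O23 - Service: DigiCtrl (eseonijpbeuoa) - Unknown owner - C:\WINDOWS\system32\ksykmwhukwwn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- c:\docume~1\owner\applic~1\rdraxi~1\mess type surf.exe
'''.strip().splitlines()

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:10}] {f.reason}\n             {f.source}")
```

The two policy findings are deliberately informational only: CA Personal Firewall replaces the Windows Firewall, and a third-party suite registers itself with Security Center precisely by disabling the built-in monitoring for its product, so those lines corroborate an infection but do not prove one. The RunServices check is the strongest single tell in this log: Windows XP never reads that key, so only software written for Windows 9x, or malware spraying every autostart location it knows, populates it.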
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,377
    First Name:
    Karen
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\ksykmwhukwwn.exe
    C:\WINDOWS\system32\ztk.exe
    C:\WINDOWS\system32\ietmt.exe
    C:\WINDOWS\SEE82798D.tmp
    C:\WINDOWS\system32\xchdhhfzunq.exe
    C:\WINDOWS\system32\qupr.exe
    C:\WINDOWS\system32\ddbqavramg.exe
    C:\WINDOWS\Tasks\B20D87CF918A34F3.job
    
    Folder::
    C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
    C:\Documents and Settings\Owner\Application Data\Rdr Axis Meet
    
    Driver::
    eseonijpbeuoa
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "qupr"=- 
    "xchdhhfzunq"=-
    "ietmt"=-
    "ztk"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "qupr"=- 
    "xchdhhfzunq"=-
    "ietmt"=- 
    "ztk"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrsp]
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


    Also, do this please:

    Copy the part in the code box below into Notepad and save it as direxie.bat
    Set File type to "All files"

    Code:
    rem List these three folders with their 8.3 short names (dir /x) so the
    rem short paths in the log (e.g. c:\docume~1\owner\applic~1\rdraxi~1)
    rem can be matched to their real folder names.
    cd\
    cd C:\Documents and Settings\%UserName%\Application Data
    dir /x > C:\directory.txt
    cd C:\Documents and Settings\All Users\Application Data
    dir /x >> C:\directory.txt
    cd C:\Program Files
    dir /x >> C:\directory.txt
    start notepad C:\directory.txt



    Start the file by double clicking direxie.bat
    That will open a file called directory.txt. Post the content of that file.
     
  10. LatinoPride

    LatinoPride Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    28
    ComboFix 08-04-20.5 - Joshua 2008-04-22 9:04:45.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1488 [GMT 10:00]
    Running from: C:\Documents and Settings\Joshua\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
    .

    2008-04-22 08:52 . 2008-04-22 08:52 <DIR> d-------- C:\WINDOWS\LastGood
    2008-04-22 08:52 . 2008-04-22 08:52 163,840 --a------ C:\WINDOWS\system32\phnyd.exe
    2008-04-21 08:04 . 2008-04-21 08:04 163,840 --a------ C:\WINDOWS\system32\ksykmwhukwwn.exe
    2008-04-20 09:37 . 2008-04-20 09:37 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-19 11:36 . 2008-04-19 11:36 <DIR> d-------- C:\Program Files\PIXELA
    2008-04-19 11:31 . 2008-04-19 11:31 <DIR> d-------- C:\Program Files\REGSHAVE
    2008-04-19 11:31 . 2001-11-25 21:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-04-19 11:31 . 2002-02-06 02:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-04-19 11:31 . 2002-02-27 21:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-04-19 11:31 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-04-19 11:31 . 2002-02-13 20:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-04-15 18:01 . 2008-04-17 10:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-15 17:30 . 2008-04-15 17:30 163,840 --a------ C:\WINDOWS\system32\ztk.exe
    2008-04-14 19:45 . 2008-04-14 19:45 <DIR> d-------- C:\Documents and Settings\Joshua\Incomplete
    2008-04-14 19:45 . 2008-04-14 20:33 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\FrostWire
    2008-04-14 19:44 . 2008-04-14 19:51 <DIR> d-------- C:\Program Files\FrostWire
    2008-04-14 08:52 . 2008-04-14 08:52 159,744 --a------ C:\WINDOWS\system32\ietmt.exe
    2008-04-09 22:55 . 2008-04-09 22:55 0 --a------ C:\output1.avi
    2008-04-09 22:36 . 2008-04-09 22:36 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
    2008-04-09 22:33 . 2008-04-10 15:58 <DIR> d-------- C:\Program Files\MKVTOAVI
    2008-04-09 12:38 . 2008-04-09 12:38 <DIR> d-------- C:\Program Files\Network Associates
    2008-04-05 16:30 . 2008-04-13 20:20 11,114 --a------ C:\Documents and Settings\All Users\Application Data\MainApp.dll
    2008-04-05 16:29 . 2008-04-05 16:29 <DIR> d-------- C:\Program Files\CloneDVD
    2008-04-05 16:29 . 2008-04-05 16:29 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Vso
    2008-04-05 16:29 . 2008-04-05 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
    2008-04-05 16:29 . 2008-04-05 16:29 81,920 --a------ C:\Documents and Settings\Joshua\Application Data\ezpinst.exe
    2008-04-05 16:29 . 2008-04-05 16:29 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-04-05 16:29 . 2008-04-05 16:29 47,360 --a------ C:\Documents and Settings\Joshua\Application Data\pcouffin.sys
    2008-04-05 16:26 . 2008-04-05 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-04-05 16:26 . 2008-04-11 16:35 40 ---hs---- C:\Documents and Settings\All Users\Application Data\.zreglib
    2008-04-05 16:26 . 2008-04-05 16:26 24 ---hs---- C:\WINDOWS\SEE82798D.tmp
    2008-03-28 21:28 . 2008-04-02 10:42 238 --a------ C:\WINDOWS\mafosav.INI
    2008-03-28 21:25 . 2008-03-28 21:25 <DIR> d-------- C:\Buziol Games
    2008-03-28 11:58 . 2008-04-02 10:18 <DIR> d-------- C:\Program Files\Windows Live
    2008-03-28 10:41 . 2008-03-28 10:41 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    2008-03-21 18:52 . 2008-03-21 18:53 <DIR> d-------- C:\Program Files\Safari
    2008-03-21 18:47 . 2008-03-21 18:48 <DIR> d-------- C:\Program Files\iTunes
    2008-03-21 18:47 . 2008-03-21 18:47 <DIR> d-------- C:\Program Files\iPod

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
    2008-04-21 14:35 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
    2008-04-21 14:35 139,256 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
    2008-04-19 01:56 --------- d-----w C:\Program Files\FinePixViewer
    2008-04-19 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-19 01:34 --------- d-----w C:\Documents and Settings\Joshua\Application Data\FUJIFILM
    2008-04-18 00:34 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Azureus
    2008-04-17 07:11 --------- d-----w C:\Program Files\Azureus
    2008-04-16 13:54 --------- d-----w C:\Documents and Settings\Margarita\Application Data\Skype
    2008-04-16 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-15 08:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-15 07:28 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-04-15 05:46 91,400 ----a-w C:\WINDOWS\system32\isafprod.dll
    2008-04-15 05:46 32,264 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
    2008-04-15 05:46 26,376 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
    2008-04-15 05:46 21,512 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
    2008-04-15 05:46 21,128 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
    2008-04-14 10:31 --------- d-----w C:\Documents and Settings\Joshua\Application Data\DVD Flick
    2008-04-14 10:12 --------- d-----w C:\Program Files\Avanquest update
    2008-04-11 12:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
    2008-04-09 12:37 --------- d-----w C:\Documents and Settings\Joshua\Application Data\NewzToolz
    2008-04-05 05:50 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Creative
    2008-04-02 22:37 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-02 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-21 10:21 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Apple Computer
    2008-03-19 13:07 97,600 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
    2008-03-06 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-04 05:07 74,064 ----a-w C:\Documents and Settings\Joshua\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-01 11:33 --------- d-----w C:\Program Files\uTorrent
    2008-03-01 10:28 --------- d-----w C:\Documents and Settings\Margarita\Application Data\MSNInstaller
    2008-03-01 05:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-01 01:47 --------- d-----w C:\Program Files\The Queen Of Fighters
    2008-03-01 01:44 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-03-01 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
    2008-03-01 01:29 --------- d-----w C:\Program Files\Roxio
    2008-03-01 01:15 --------- d-----w C:\Program Files\Google
    2008-03-01 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
    2008-03-01 01:02 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Orbit
    2008-02-29 09:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Orbit
    2008-02-28 11:52 --------- d-----w C:\Documents and Settings\Margarita\Application Data\Orbit
    2008-02-28 02:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Rdr Axis Meet
    2008-02-23 04:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
    2008-02-22 11:22 --------- d-----w C:\Program Files\QuickTime
    2008-02-01 04:34 99,592 ----a-w C:\WINDOWS\system32\isafeif.dll
    2008-02-01 04:34 83,256 ----a-w C:\WINDOWS\system32\vetredir.dll
    2008-01-28 09:53 114,688 ----a-w C:\WINDOWS\system32\xchdhhfzunq.exe
    2008-01-28 09:53 114,688 ----a-r C:\WINDOWS\system32\qupr.exe
    2008-01-28 09:53 114,688 ----a-r C:\WINDOWS\system32\ddbqavramg.exe
    2007-12-21 01:56 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
    2007-12-21 01:56 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
    2007-01-28 14:30 92,064 ----a-w C:\Documents and Settings\Joshua\mqdmmdm.sys
    2007-01-28 14:30 9,232 ----a-w C:\Documents and Settings\Joshua\mqdmmdfl.sys
    2007-01-28 14:30 79,328 ----a-w C:\Documents and Settings\Joshua\mqdmserd.sys
    2007-01-28 14:30 66,656 ----a-w C:\Documents and Settings\Joshua\mqdmbus.sys
    2007-01-28 14:30 6,208 ----a-w C:\Documents and Settings\Joshua\mqdmcmnt.sys
    2007-01-28 14:30 5,936 ----a-w C:\Documents and Settings\Joshua\mqdmwhnt.sys
    2007-01-28 14:30 4,048 ----a-w C:\Documents and Settings\Joshua\mqdmcr.sys
    2007-01-28 14:30 25,600 ----a-w C:\Documents and Settings\Joshua\usbsermptxp.sys
    2007-01-28 14:30 22,768 ----a-w C:\Documents and Settings\Joshua\usbsermpt.sys
    2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
    2007-12-20 05:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ((((((((((((((((((((((((((((( [email protected]_ 8.32.39.87 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-20 22:01:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-21 22:49:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{534A3E28-2B67-5797-55C6-08628A7497AD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B94229-7967-860A-A0C2-034C02BA876B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66E72884-4FD2-464F-A6B8-468F31C40E36}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-20 14:28 67128]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 19:33 68856]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 10:03 868352]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-04 09:15 4554752]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-04-15 15:46 181512]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-04-15 15:46 234760]
    "cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-04-15 15:46 771336]
    "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-04-15 15:46 173320]
    "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-04-15 15:46 259336]
    "qupr"="C:\WINDOWS\system32\qupr.exe" [2008-01-28 19:53 114688]
    "xchdhhfzunq"="C:\WINDOWS\system32\xchdhhfzunq.exe" [2008-01-28 19:53 114688]
    "CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 11:51 380928]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 22:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
    "ietmt"="C:\WINDOWS\system32\ietmt.exe" [2008-04-14 08:52 159744]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 22:00 158208]
    "ztk"="C:\WINDOWS\system32\ztk.exe" [2008-04-15 17:30 163840]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "qupr"="C:\WINDOWS\system32\qupr.exe" [2008-01-28 19:53 114688]
    "xchdhhfzunq"="C:\WINDOWS\system32\xchdhhfzunq.exe" [2008-01-28 19:53 114688]
    "ietmt"="C:\WINDOWS\system32\ietmt.exe" [2008-04-14 08:52 159744]
    "ztk"="C:\WINDOWS\system32\ztk.exe" [2008-04-15 17:30 163840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-04-20 22:44:58 113664]
    ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-04-19 11:33:16 303104]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-20 14:28:05 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqrsp]
    awtqrsp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 2007-05-18 12:30 79368 C:\WINDOWS\system32\UmxWNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.scg726"= scg726.acm
    "msacm.alf2cd"= alf2cd.acm
    "msacm.ac3acm"= ac3acm.acm
    "vidc.dvsd"= mcdvd_32.dll
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.lameacm"= lameACM.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Joshua^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
    path=C:\Documents and Settings\Joshua\Start Menu\Programs\Startup\VirtuaGirl2.lnk
    backup=C:\WINDOWS\pss\VirtuaGirl2.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 09:24]
    R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 12:30]
    R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 12:30]
    R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 13:21]
    R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 09:24]
    R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 11:09]
    R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 09:24]
    R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 09:24]
    R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 12:30]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 03:17]
    R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 14:15]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
    R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-04-15 15:46]
    S2 eseonijpbeuoa;DigiCtrl;C:\WINDOWS\system32\phnyd.exe [2008-04-22 08:52]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3d1316-5535-11dc-80a1-001346938c80}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31d8568-757f-11dc-810d-001346938c80}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-21 23:00:00 C:\WINDOWS\Tasks\B20D87CF918A34F3.job"
    - c:\docume~1\owner\applic~1\rdraxi~1\mess type surf.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 09:06:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 14

    **************************************************************************
    .
    Completion time: 2008-04-22 9:08:14
    ComboFix-quarantined-files.txt 2008-04-21 23:07:51
    ComboFix2.txt 2008-04-20 22:33:28

    Pre-Run: 9,399,185,408 bytes free
    Post-Run: 9,440,342,016 bytes free

    243 --- E O F --- 2008-04-21 14:34:59
     
  11. LatinoPride

    LatinoPride Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    28
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:09:29, on 22/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\ztk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - (no file)
    O2 - BHO: (no name) - {66E72884-4FD2-464F-A6B8-468F31C40E36} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [qupr] C:\WINDOWS\system32\qupr.exe
    O4 - HKLM\..\Run: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ietmt] C:\WINDOWS\system32\ietmt.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ztk] C:\WINDOWS\system32\ztk.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\RunServices: [qupr] C:\WINDOWS\system32\qupr.exe
    O4 - HKLM\..\RunServices: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
    O4 - HKLM\..\RunServices: [ietmt] C:\WINDOWS\system32\ietmt.exe
    O4 - HKLM\..\RunServices: [ztk] C:\WINDOWS\system32\ztk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: awtqrsp - awtqrsp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DigiCtrl (eseonijpbeuoa) - Unknown owner - C:\WINDOWS\system32\phnyd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 12900 bytes
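    The log above is the raw material for the fix list that follows; what a practitioner actually does with it is cross-reference the O4/O20/O23 lines and pick out the entries that do not belong. The Python below is an added example (it is not from this thread, from HijackThis or from ComboFix) that automates that triage over the text of a HijackThis log: it parses the O4 registry autostarts, the O20 Winlogon Notify packages and the O23 services, and scores each binary on a few structural signals. The strongest signal is an entry under HKLM\..\RunServices: that key is honoured only by Windows 9x/Me and is ignored by XP, so legitimate XP software never writes it, yet the same four names (qupr, xchdhhfzunq, ietmt, ztk) appear there both in this log and in the ComboFix "Reg Loading Points" section above. Weaker signals are a service with "Unknown owner" living in system32, an entry whose file is reported missing (an orphan to clean up regardless), and a random-looking file name, which is deliberately a weak signal because real system binaries like nvsvc32.exe also trip it. The weights, the threshold and the SAMPLE_LOG (a constructed subset of the lines posted above) are this example's own assumptions; the script only reads text and touches neither the registry nor the filesystem.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4/O20/O23 lines from the HijackThis log
# posted above, reproduced in shape; it is not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qupr] C:\WINDOWS\system32\qupr.exe
O4 - HKLM\..\Run: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
O4 - HKLM\..\Run: [ietmt] C:\WINDOWS\system32\ietmt.exe
O4 - HKLM\..\Run: [ztk] C:\WINDOWS\system32\ztk.exe
O4 - HKLM\..\RunServices: [qupr] C:\WINDOWS\system32\qupr.exe
O4 - HKLM\..\RunServices: [xchdhhfzunq] C:\WINDOWS\system32\xchdhhfzunq.exe
O4 - HKLM\..\RunServices: [ietmt] C:\WINDOWS\system32\ietmt.exe
O4 - HKLM\..\RunServices: [ztk] C:\WINDOWS\system32\ztk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: awtqrsp - awtqrsp.dll (file missing)
O23 - Service: DigiCtrl (eseonijpbeuoa) - Unknown owner - C:\WINDOWS\system32\phnyd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<file>\S+)(?P<rest>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MISSING = "(file missing)"

def exe_path(cmd):
    # Pull the program path out of an O4 command line (quoted or bare, with or without args).
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|scr))(?:[\s,]|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def stem(path):
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]

def looks_random(name):
    # Weak heuristic: no vowels at all, or a run of five or more consonants.
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 3:
        return False
    if not set("aeiou") & set(letters):
        return True
    return max(len(run) for run in re.split(r"[aeiou]+", letters)) >= 5

def triage(log_text, threshold=2):
    # Score each binary; the weights and the threshold are this example's own choice.
    findings = defaultdict(lambda: {"score": 0, "reasons": []})
    keys_by_name, path_by_name = defaultdict(set), {}

    def hit(path, weight, why):
        f = findings[path.lower()]
        if why not in f["reasons"]:  # count each signal once per binary
            f["score"] += weight
            f["reasons"].append(why)

    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path, name = exe_path(m["cmd"]), m["name"].lower()
            keys_by_name[name].add(m["key"])
            path_by_name[name] = path
            if m["key"] == "RunServices":
                # Win9x-only key ignored by the NT family; legitimate XP software never needs it.
                hit(path, 2, "uses HKLM RunServices (Win9x-only key, ignored by XP)")
            if looks_random(stem(path)):
                hit(path, 1, "random-looking file name")
        elif m := O20_RE.match(line):
            if MISSING in m["rest"]:
                hit(m["file"], 2, "Winlogon Notify DLL is missing (orphaned entry)")
            if looks_random(stem(m["file"])):
                hit(m["file"], 1, "random-looking file name")
        elif m := O23_RE.match(line):
            path = m["path"]
            if path.endswith(MISSING):
                path = path[: -len(MISSING)].strip()
                hit(path, 2, "service binary is missing (orphaned entry)")
            if m["owner"].lower() == "unknown owner":
                hit(path, 1, "service binary carries no company name")
                if "\\system32\\" in path.lower():
                    hit(path, 1, "vendorless service binary inside system32")
            if looks_random(stem(path)):
                hit(path, 1, "random-looking file name")

    for name, keys in keys_by_name.items():
        if {"Run", "RunServices"} <= keys:
            hit(path_by_name[name], 1, "same value name under both Run and RunServices")

    report = [(f["score"], p, f["reasons"]) for p, f in findings.items() if f["score"] >= threshold]
    return sorted(report, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for score, path, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {path}\n      " + "\n      ".join(reasons))
```

    Run against the sample it reports the four RunServices binaries, phnyd.exe and the orphaned awtqrsp.dll, and stays quiet on ctfmon.exe, nvsvc32.exe and the rundll32 launcher. The score is a prompt to look, not a verdict: a hit still has to be confirmed (file properties, creation time next to the other hits, a hash lookup) before anything goes into a removal script.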
     
  12. LatinoPride

    LatinoPride Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    28
    Volume in drive C has no label.
    Volume Serial Number is 6473-224B

    Directory of C:\Documents and Settings\Joshua\Application Data

    21/04/2008 23:01 <DIR> Adobe
    26/06/2007 22:20 <DIR> AdobeUM
    21/03/2008 20:21 <DIR> APPLEC~1 Apple Computer
    17/06/2007 17:48 <DIR> ArcSoft
    28/07/2007 13:19 <DIR> AVS4YOU
    18/04/2008 10:34 <DIR> Azureus
    27/01/2008 15:43 <DIR> CALLIN~1 CallingID
    30/08/2007 21:21 <DIR> Canon
    05/04/2008 15:50 <DIR> Creative
    12/01/2007 16:12 <DIR> CYBERL~1 CyberLink
    14/04/2008 20:31 <DIR> DVDFLI~1 DVD Flick
    05/04/2008 16:29 81,920 ezpinst.exe
    14/04/2008 20:33 <DIR> FROSTW~1 FrostWire
    19/04/2008 11:34 <DIR> FUJIFILM
    04/03/2008 15:07 74,064 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
    27/01/2008 12:33 <DIR> GETRIG~1 GetRightToGo
    14/10/2007 19:47 <DIR> Google
    14/06/2007 12:32 <DIR> Help
    25/12/2006 16:12 <DIR> IDENTI~1 Identities
    28/01/2007 19:41 <DIR> INSTAL~1 InstallShield
    11/03/2007 06:31 <DIR> MACROM~1 Macromedia
    10/10/2007 11:49 <DIR> MEDIAP~1 Media Player Classic
    26/12/2006 11:22 <DIR> MICROS~2 Microsoft Web Folders
    20/06/2007 22:15 <DIR> Mozilla
    09/04/2008 22:37 <DIR> NEWZTO~1 NewzToolz
    01/03/2008 11:02 <DIR> Orbit
    11/12/2007 15:21 <DIR> PCTOOL~1 PC Tools
    05/04/2008 16:29 7,176 pcouffin.cat
    05/04/2008 16:29 1,144 pcouffin.inf
    05/04/2008 16:29 34 pcouffin.log
    05/04/2008 16:29 47,360 pcouffin.sys
    08/10/2007 18:59 <DIR> Real
    20/01/2008 20:23 <DIR> Roxio
    19/04/2007 21:34 <DIR> Skype
    29/12/2006 14:34 <DIR> SlySoft
    10/01/2007 21:16 <DIR> Sun
    20/06/2007 22:15 <DIR> Talkback
    13/12/2007 14:49 <DIR> TEAMSP~1 teamspeak2
    28/08/2007 17:11 <DIR> U3
    08/10/2007 18:31 <DIR> Ventrilo
    24/07/2007 15:44 <DIR> vlc
    05/04/2008 16:29 <DIR> Vso
    11/02/2008 20:59 <DIR> WATCHT~1 Watchtower
    6 File(s) 211,698 bytes
    37 Dir(s) 9,454,702,592 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 6473-224B

    Directory of C:\Documents and Settings\All Users\Application Data

    24/08/2007 19:20 <DIR> 01IDOL~1 01 idol rule wait
    09/01/2008 15:03 <DIR> Adobe
    17/08/2007 12:04 <DIR> AGEOFE~1 Age of Empires 3
    09/07/2007 17:05 <DIR> Apple
    25/11/2006 08:01 <DIR> APPLEC~1 Apple Computer
    26/12/2006 16:12 <DIR> Autodesk
    20/01/2007 22:08 <DIR> Avg7
    28/07/2007 22:42 <DIR> AVS4YOU
    31/07/2007 16:35 <DIR> Azureus
    25/12/2006 17:08 <DIR> BVRPSO~1 BVRP Software
    27/01/2008 15:24 <DIR> CA
    13/04/2008 20:20 2,932 CONFIG~1.LOG Configure.log.log
    16/02/2008 15:06 <DIR> Creative
    22/11/2006 17:51 <DIR> CYBERL~1 CyberLink
    06/03/2008 15:04 <DIR> DVDSHR~1 DVD Shrink
    13/04/2008 20:20 6,539 DVDBUR~1.LOG DVDBurner.log.log
    13/04/2008 20:20 36,025 DVDCON~1.LOG DVDConverter.log.log
    13/04/2008 20:20 9,423 DVDDEV~1.LOG DVDDeviceCtrl.log.log
    05/04/2008 16:29 <DIR> DVDXST~1 DVDXStudio
    20/02/2007 16:04 <DIR> Google
    11/04/2008 16:38 45,830 IFO_BB~1.LOG IFO_BBCDVD1558.LOG
    26/04/2007 18:25 51 INSTAL~1.LOG Installer.log
    08/01/2008 09:07 <DIR> INSTAL~1 InstallShield
    13/04/2008 20:20 3,003 ISOCON~1.LOG isoConverter.log.log
    14/03/2008 21:34 0 ISx2.tmp
    14/03/2008 22:01 0 ISx4.tmp
    14/03/2008 21:20 0 ISx6.tmp
    10/12/2007 23:27 <DIR> Lavasoft
    13/04/2008 20:20 11,114 MainApp.dll
    13/04/2008 20:20 23,835 MAINAP~1.LOG MainApp.log.log
    20/06/2007 22:15 <DIR> Mozilla
    13/04/2008 13:35 6,895 Neroerr.log
    20/04/2006 18:18 <DIR> NVIEW_~1 nView_Profiles
    08/10/2007 19:17 <DIR> Real
    01/03/2008 11:42 <DIR> Roxio
    22/04/2006 16:20 <DIR> Skype
    05/04/2008 16:26 <DIR> SlySoft
    08/01/2008 09:06 <DIR> Sonic
    16/04/2008 22:55 <DIR> SPYBOT~1 Spybot - Search & Destroy
    20/04/2006 22:55 <DIR> SSSCAN~1 SSScanAppDataDir
    20/04/2006 22:55 <DIR> SSSCAN~2 SSScanWizard
    17/04/2008 10:18 <DIR> TEMP
    29/12/2006 20:08 <DIR> TREECA~1 TreeCardGames
    20/01/2008 20:39 <DIR> VOWSoft
    01/03/2008 11:14 <DIR> WAITFI~1 Wait Find Browse New
    12/07/2006 10:31 <DIR> WINDOW~1 Windows Genuine Advantage
    23/06/2007 10:23 <DIR> WINDOW~2 Windows Live Toolbar
    02/04/2008 10:17 <DIR> WLINST~1 WLInstaller
    11/04/2008 17:38 448 WNASPI~1.LOG wnaspi32.log.log
    14 File(s) 146,095 bytes
    35 Dir(s) 9,454,698,496 bytes free
    Volume in drive C has no label.
    Volume Serial Number is 6473-224B

    Directory of C:\Program Files

    20/04/2008 09:37 <DIR> .
    20/04/2008 09:37 <DIR> ..
    20/01/2008 20:39 <DIR> ABC3GP~1 ABC 3GP Converter
    20/01/2007 20:05 <DIR> ACW
    16/01/2008 19:16 <DIR> Adobe
    17/12/2007 12:31 <DIR> AGEOFE~1 Age Of Empires 3
    08/01/2008 09:00 <DIR> Ahead
    21/12/2007 19:54 <DIR> AMLPRO~1 AML Products
    20/04/2006 16:33 <DIR> ANI
    03/04/2008 08:37 <DIR> APPLES~1 Apple Software Update
    20/04/2006 22:52 <DIR> ArcSoft
    20/04/2006 16:01 <DIR> ASUSTeK
    26/12/2006 16:12 <DIR> AUTOCA~1 AutoCAD 2006
    26/04/2006 20:34 <DIR> Autodesk
    14/04/2008 20:12 <DIR> AVANQU~1 Avanquest update
    19/11/2007 10:21 <DIR> AVS4YOU
    17/04/2008 17:11 <DIR> Azureus
    21/06/2007 17:59 <DIR> BITDOW~1 BitDownload
    20/04/2006 15:47 <DIR> BROADC~1 BroadCom GB LAN
    27/01/2008 12:42 <DIR> CA
    20/04/2006 22:51 <DIR> Canon
    10/12/2007 23:33 <DIR> Cfrhvwrv
    05/04/2008 16:29 <DIR> CloneDVD
    09/04/2008 22:36 <DIR> COMBIN~1 Combined Community Codec Pack
    03/04/2008 08:41 <DIR> COMMON~1 Common Files
    19/04/2006 09:57 <DIR> COMPLU~1 ComPlus Applications
    16/02/2008 14:47 <DIR> Creative
    22/11/2006 17:51 <DIR> CYBERL~1 CyberLink
    22/11/2006 17:49 <DIR> CYBERL~2 CyberLink DVD Solution
    20/04/2006 16:33 <DIR> D-Link
    26/12/2006 16:14 <DIR> designIT
    25/12/2006 17:06 <DIR> DVDDEC~1 DVD Decrypter
    01/08/2007 18:24 <DIR> DVDFLI~1 DVD Flick
    30/07/2007 21:56 <DIR> DVDSHR~1 DVD Shrink
    20/01/2008 20:34 <DIR> dvdSanta
    25/12/2006 16:32 <DIR> ELABOR~1 Elaborate Bytes
    19/11/2007 10:54 <DIR> ENIGMA~1 Enigma Software Group
    19/04/2008 11:56 <DIR> FINEPI~1 FinePixViewer
    14/04/2008 19:51 <DIR> FROSTW~1 FrostWire
    20/04/2006 15:47 <DIR> GIGABYTE
    01/03/2008 11:15 <DIR> Google
    20/04/2006 18:25 <DIR> Grisoft
    23/06/2007 11:32 <DIR> IEAK
    19/04/2006 10:10 <DIR> Intel
    22/12/2007 21:46 <DIR> INTERN~1 Internet Explorer
    21/03/2008 18:47 <DIR> iPod
    21/03/2008 18:48 <DIR> iTunes
    13/11/2007 22:04 <DIR> Java
    08/10/2007 19:17 <DIR> K-LITE~1 K-Lite Codec Pack
    10/12/2007 23:27 <DIR> Lavasoft
    09/04/2007 18:12 <DIR> LIMEWI~1 LimeWire 2
    26/04/2007 18:18 <DIR> Logitech
    08/08/2007 23:58 <DIR> MagicISO
    23/06/2007 11:52 <DIR> MICROS~4 Microsoft ActiveSync
    23/06/2007 11:38 <DIR> MICROS~1 microsoft frontpage
    14/09/2007 13:21 <DIR> MICROS~3 Microsoft Games
    04/11/2007 01:09 <DIR> MICROS~2 Microsoft Office
    10/04/2008 15:58 <DIR> MKVTOAVI
    21/12/2007 11:58 <DIR> MOTORO~1 Motorola Phone Tools
    19/04/2006 09:58 <DIR> MOVIEM~1 Movie Maker
    19/11/2007 10:30 <DIR> MP3PLA~1.10 MP3 Player Utilities 3.10
    19/11/2007 10:32 <DIR> MP3PLA~1.57 MP3 Player Utilities 3.57
    19/04/2006 09:57 <DIR> MSNGAM~1 MSN Gaming Zone
    18/11/2006 08:48 <DIR> MSXML4~1.0 MSXML 4.0
    04/07/2006 11:11 <DIR> MUSICM~1 Musicmatch
    19/04/2006 09:58 <DIR> NETMEE~1 NetMeeting
    09/04/2008 12:38 <DIR> NETWOR~1 Network Associates
    03/08/2007 20:39 <DIR> NEWZTO~1 NewzToolz
    28/09/2007 02:12 <DIR> OGPlanet
    19/04/2006 09:57 <DIR> ONLINE~1 Online Services
    18/08/2007 08:55 <DIR> OPENOF~1.0 OpenOffice.org 2.0
    23/06/2007 11:31 <DIR> ORKTools
    20/12/2007 15:27 <DIR> OUTLOO~1 Outlook Express
    05/01/2007 10:13 <DIR> PCFRIE~1 PCFriendly
    20/01/2007 22:25 <DIR> PCPITS~1 PCPitstop
    19/04/2008 11:36 <DIR> PIXELA
    08/08/2007 23:58 <DIR> PowerISO
    22/02/2008 21:22 <DIR> QUICKT~1 QuickTime
    17/07/2007 23:39 <DIR> Real
    20/04/2006 15:45 <DIR> Realtek
    19/04/2008 11:31 <DIR> REGSHAVE
    28/11/2007 21:44 <DIR> rgtwrubg
    01/03/2008 11:29 <DIR> Roxio
    21/03/2008 18:53 <DIR> Safari
    20/04/2006 22:54 <DIR> ScanSoft
    10/12/2007 23:33 <DIR> Sdwpasdv
    22/04/2006 16:20 <DIR> Skype
    25/12/2006 16:37 <DIR> SlySoft
    24/07/2007 17:02 <DIR> SMARTD~1 SmartDVDCreatorPro
    29/12/2006 20:08 <DIR> SolSuite
    15/04/2008 18:01 <DIR> SPYBOT~1 Spybot - Search & Destroy
    11/12/2007 21:54 <DIR> SPYWAR~1 Spyware Doctor
    13/12/2007 14:49 <DIR> TEAMSP~1 Teamspeak2_RC2
    01/03/2008 11:47 <DIR> THEQUE~1 The Queen Of Fighters
    20/04/2008 09:37 <DIR> TRENDM~1 Trend Micro
    01/03/2008 21:33 <DIR> uTorrent
    21/11/2007 15:20 <DIR> Ventrilo
    06/10/2007 09:54 <DIR> VentSrv
    27/01/2007 19:40 <DIR> VIEWSO~1 viewsonic
    12/09/2002 00:26 63,730 VIEWSO~1.PDF viewsonicinstruct_xp.pdf
    10/12/2007 23:33 <DIR> Vnzhfjvn
    06/02/2008 17:50 <DIR> WATCHT~1 Watchtower
    28/08/2007 16:08 <DIR> WILDHA~1 Wild Hare
    02/04/2008 10:18 <DIR> WI1F86~1 Windows Live
    01/12/2006 09:46 <DIR> WINDOW~4 Windows Media Connect 2
    21/12/2007 21:01 <DIR> WINDOW~2 Windows Media Player
    19/04/2006 09:57 <DIR> WINDOW~1 Windows NT
    09/04/2007 00:07 <DIR> Wyzo
    19/04/2006 10:01 <DIR> xerox
    1 File(s) 63,730 bytes
    108 Dir(s) 9,454,682,112 bytes free
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,377
    First Name:
    Karen
    You didn't post the correct ComboFix log. I need to see the one created after running the script. It should be ComboFix2.txt.
     
  14. LatinoPride

    LatinoPride Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    28
    I have tried to run the script, but the same thing happens as when I tried to run the Recovery thing. It comes up with:


    Open File - Security Warning
    This publisher could not be verified. Are you sure you want to
    run this software?

    Name: ComboFix.exe
    Publisher: Unknown Publisher
    Type: Application
    From: C:/Documents and Settings/Joshua/Desktop

    Then there is the option to Run or Cancel.
    If I press Run it will start the ComboFix program but nothing happens with the CFScript.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,377
    First Name:
    Karen
    1. Please download The Avenger2 by Swandog46 to your Desktop.
    • Right-click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the Avenger folder to your desktop
    2. Copy all the text contained in the code box below to your clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Files to delete:
    C:\WINDOWS\system32\ksykmwhukwwn.exe
    C:\WINDOWS\system32\ztk.exe
    C:\WINDOWS\system32\ietmt.exe
    C:\WINDOWS\SEE82798D.tmp
    C:\WINDOWS\system32\xchdhhfzunq.exe
    C:\WINDOWS\system32\qupr.exe
    C:\WINDOWS\system32\ddbqavramg.exe
    C:\WINDOWS\Tasks\B20D87CF918A34F3.job
    
    Folders to delete:
    C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
    C:\Documents and Settings\Owner\Application Data\Rdr Axis Meet
    C:\Documents and Settings\All Users\Application Data\idol rule wait
    
    Drivers to delete:
    eseonijpbeuoa
    

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, open the Avenger folder and start The Avenger program by clicking on its icon.
    • Right-click on the window under Input script here:, and select Paste.
    • You can also paste the text copied to the clipboard into this window by pressing (Ctrl+V).
    • Click on Execute
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HijackThis log.
     
Short URL to this thread: https://techguy.org/704533